Use nMap to check used SSL/TLS protocol and ciphers

Abstract: If you do some hardening on a computer and server environment it often is needed to check which protocol and cipher are enabled on a specified port. This can be very easy be checked with nMap. This howto explains how.

1.) At first went to the nMap download page and install nMap (preferred via the default installation options). Depending on your operation system, you can either install it on Windows, Mac or Linux. In our example we will use the Windows installer.

2.) Once installed you need to start nMap

3.) In the nMap command windows enter now:

nmap -p 3389 --script ssl-enum-ciphers 10.204.8.180

In the example above we use the RDP (Remote Desktop) port which is specified via -p 3389. The script we will use is the ssl-enum-ciphers, which will show us the needed info'

Abstract: If you do some hardening on a computer and server environment it often is needed to check which protocol and cipher are enabled on a specified port. This can be very easy be checked with nMap. This howto explains how.

1.) At first went to the nMap download page and install nMap (preferred via the default installation options). Depending on your operation system, you can either install it on Windows, Mac or Linux. In our example we will use the Windows installer.

2.) Once installed you need to start nMap

3.) In the nMap command windows enter now:

nmap -p 3389 --script ssl-enum-ciphers 10.204.8.180

In the example above we use the RDP (Remote Desktop) port which is specified via -p 3389. The script we will use is the ssl-enum-ciphers, which will show us the needed info's as seen below. The last parameter we use is the IP address (in my case a Windows 2012 R2 test OS).

4.) After that press the scan button

5.) The result (enabled protocols and used cipher) can be then seen in the result: